mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Merge pull request #12983 from Security-Onion-Solutions/fix/strelka
fix strelka errors
This commit is contained in:
Josh Patterson
GitHub
@@ -43,7 +43,7 @@ strelka_backend:
|
||||
{% endif %}
|
||||
- restart_policy: on-failure
|
||||
- watch:
|
||||
- file: strelkasensorrules
|
||||
- file: strelkasensorcompiledrules
|
||||
|
||||
delete_so-strelka-backend_so-status.disabled:
|
||||
file.uncomment:
|
||||
|
||||
@@ -20,7 +20,7 @@ def check_syntax(rule_file):
|
||||
|
||||
def compile_yara_rules(rules_dir):
|
||||
compiled_dir = os.path.join(rules_dir, "compiled")
|
||||
compiled_rules_path = [ os.path.join(compiled_dir, "rules.compiled"), "/opt/so/saltstack/default/salt/strelka/rules/compiled/rules.compiled" ]
|
||||
compiled_rules_path = "/opt/so/saltstack/local/salt/strelka/rules/compiled/rules.compiled"
|
||||
rule_files = glob.glob(os.path.join(rules_dir, '**/*.yar'), recursive=True)
|
||||
files_to_compile = {}
|
||||
removed_count = 0
|
||||
@@ -57,9 +57,12 @@ def compile_yara_rules(rules_dir):
|
||||
# Compile all remaining valid rules into a single file
|
||||
if files_to_compile:
|
||||
compiled_rules = yara.compile(filepaths=files_to_compile)
|
||||
for path in compiled_rules_path:
|
||||
compiled_rules.save(path)
|
||||
print(f"All remaining rules compiled and saved into {path}")
|
||||
compiled_rules.save(compiled_rules_path)
|
||||
print(f"All remaining rules compiled and saved into {compiled_rules_path}")
|
||||
# Remove the rules.compiled if there aren't any files to be compiled
|
||||
else:
|
||||
if os.path.exists(compiled_rules_path):
|
||||
os.remove(compiled_rules_path)
|
||||
|
||||
# Print summary of compilation results
|
||||
print(f"Summary: {success_count} rules compiled successfully, {removed_count} rules removed due to errors.")
|
||||
|
||||
@@ -5,45 +5,21 @@
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls.split('.')[0] in allowed_states %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
{% if GLOBALS.is_manager %}
|
||||
include:
|
||||
- strelka.manager
|
||||
{% endif %}
|
||||
|
||||
# Strelka config
|
||||
strelkaconfdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/strelka/rules/compiled/
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
strelkacompileyara:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/strelka/compile_yara.py
|
||||
- source: salt://strelka/compile_yara/compile_yara.py
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
strelkarulesdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/strelka/rules
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
{%- if grains.role in ['so-sensor', 'so-heavynode'] %}
|
||||
strelkasensorrules:
|
||||
strelkasensorcompiledrules:
|
||||
file.recurse:
|
||||
- name: /opt/so/conf/strelka/rules/compiled/
|
||||
- source: salt://strelka/rules/compiled/
|
||||
- user: 939
|
||||
- group: 939
|
||||
- clean: True
|
||||
{%- endif %}
|
||||
|
||||
strelkareposdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/strelka/repos
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
strelkadatadir:
|
||||
@@ -58,7 +34,18 @@ strelkalogdir:
|
||||
- name: /nsm/strelka/log
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
strelkagkredisdatadir:
|
||||
file.directory:
|
||||
- name: /nsm/strelka/gk-redis-data
|
||||
- user: 939
|
||||
- group: 939
|
||||
|
||||
strelkacoordredisdatadir:
|
||||
file.directory:
|
||||
- name: /nsm/strelka/coord-redis-data
|
||||
- user: 939
|
||||
- group: 939
|
||||
|
||||
strelka_sbin:
|
||||
file.recurse:
|
||||
@@ -68,20 +55,6 @@ strelka_sbin:
|
||||
- group: 939
|
||||
- file_mode: 755
|
||||
|
||||
strelkagkredisdatadir:
|
||||
file.directory:
|
||||
- name: /nsm/strelka/gk-redis-data
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
strelkacoordredisdatadir:
|
||||
file.directory:
|
||||
- name: /nsm/strelka/coord-redis-data
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
{% else %}
|
||||
|
||||
{{sls}}_state_not_allowed:
|
||||
|
||||
@@ -4,12 +4,13 @@
|
||||
# Elastic License 2.0.
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{# if strelka.manager or strelka in allowed_states #}
|
||||
{% if sls in allowed_states or sls.split('.')[0] in allowed_states %}
|
||||
|
||||
# Strelka config
|
||||
strelkaconfdir:
|
||||
strelkarulesdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/strelka/rules/compiled/
|
||||
- name: /opt/so/conf/strelka/rules
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
@@ -20,21 +21,12 @@ strelkacompileyara:
|
||||
- source: salt://strelka/compile_yara/compile_yara.py
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
strelkarulesdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/strelka/rules
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
strelkareposdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/strelka/repos
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
{% else %}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user